Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull namespace fixes from Eric Biederman:
"I believe all of these are simple obviously correct bug fixes. These
fall into two groups:

- Fixing the implementation of MNT_LOCKED which prevents lesser
privileged users from seeing unders mounts created by more
privileged users.

- Fixing the extended uid and group mapping in user namespaces.

As well as ensuring the code looks correct I have spot tested these
changes as well and in my testing the fixes are working"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
mount: Prevent MNT_DETACH from disconnecting locked mounts
mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
mount: Retest MNT_LOCKED in do_umount
userns: also map extents in the reverse map to kernel IDs

+25 -9
+17 -5
fs/namespace.c
··· 1540 1540 1541 1541 namespace_lock(); 1542 1542 lock_mount_hash(); 1543 - event++; 1544 1543 1544 + /* Recheck MNT_LOCKED with the locks held */ 1545 + retval = -EINVAL; 1546 + if (mnt->mnt.mnt_flags & MNT_LOCKED) 1547 + goto out; 1548 + 1549 + event++; 1545 1550 if (flags & MNT_DETACH) { 1546 1551 if (!list_empty(&mnt->mnt_list)) 1547 1552 umount_tree(mnt, UMOUNT_PROPAGATE); ··· 1560 1555 retval = 0; 1561 1556 } 1562 1557 } 1558 + out: 1563 1559 unlock_mount_hash(); 1564 1560 namespace_unlock(); 1565 1561 return retval; ··· 1651 1645 goto dput_and_out; 1652 1646 if (!check_mnt(mnt)) 1653 1647 goto dput_and_out; 1654 - if (mnt->mnt.mnt_flags & MNT_LOCKED) 1648 + if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */ 1655 1649 goto dput_and_out; 1656 1650 retval = -EPERM; 1657 1651 if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN)) ··· 1734 1728 for (s = r; s; s = next_mnt(s, r)) { 1735 1729 if (!(flag & CL_COPY_UNBINDABLE) && 1736 1730 IS_MNT_UNBINDABLE(s)) { 1737 - s = skip_mnt_tree(s); 1738 - continue; 1731 + if (s->mnt.mnt_flags & MNT_LOCKED) { 1732 + /* Both unbindable and locked. */ 1733 + q = ERR_PTR(-EPERM); 1734 + goto out; 1735 + } else { 1736 + s = skip_mnt_tree(s); 1737 + continue; 1738 + } 1739 1739 } 1740 1740 if (!(flag & CL_COPY_MNT_NS_FILE) && 1741 1741 is_mnt_ns_file(s->mnt.mnt_root)) { ··· 1794 1782 { 1795 1783 namespace_lock(); 1796 1784 lock_mount_hash(); 1797 - umount_tree(real_mount(mnt), UMOUNT_SYNC); 1785 + umount_tree(real_mount(mnt), 0); 1798 1786 unlock_mount_hash(); 1799 1787 namespace_unlock(); 1800 1788 }
+8 -4
kernel/user_namespace.c
··· 974 974 if (!new_idmap_permitted(file, ns, cap_setid, &new_map)) 975 975 goto out; 976 976 977 - ret = sort_idmaps(&new_map); 978 - if (ret < 0) 979 - goto out; 980 - 981 977 ret = -EPERM; 982 978 /* Map the lower ids from the parent user namespace to the 983 979 * kernel global id space. ··· 999 1003 1000 1004 e->lower_first = lower_first; 1001 1005 } 1006 + 1007 + /* 1008 + * If we want to use binary search for lookup, this clones the extent 1009 + * array and sorts both copies. 1010 + */ 1011 + ret = sort_idmaps(&new_map); 1012 + if (ret < 0) 1013 + goto out; 1002 1014 1003 1015 /* Install the map */ 1004 1016 if (new_map.nr_extents <= UID_GID_MAP_MAX_BASE_EXTENTS) {